    Schedule Firewall Rules Blocking all LAN

    • SLIMaxPower
      SLIMaxPower last edited by

      I made 4 rules to block my children's wifi and computer time (currently at the bottom of the rules list).

      When I put these rules at the top of the rules list all devices/pcs on the network are blocked.

      First I made aliases for their computers' IPs and wifi IPs.

      Second I made schedules.

      Third I made 4 Firewall rules as can be seen at the bottom of the firewall rules.

      Need some help.

        doktornotor Banned last edited by

        No, will not work. These will not ever get applied for starters, since the "LAN to WAN" is above those. And as a generic note on schedules, schedule allow rules instead of block rules. Otherwise, the traffic will still flow after the schedule has expired.

        • SLIMaxPower
          SLIMaxPower last edited by

          I moved them to the bottom because at the top they blocked all traffic.

            doktornotor Banned last edited by

            As noted, they are useless at the bottom. You need to solve your real problem (broken aliases for source used there) if they block traffic from machines that are not supposed to get blocked.

              almabes last edited by

              The way I have it set up:

              I created static DHCP entries for all my (and the kids') devices on my OPT1 interface.
              I put my and my wife's phones and laptops into an alias "notkids"

              I connected my WIFI up to my OPT1, set the IP appropriately.
              I created my schedule for 6a-10p
              I created an "allow all" rule on my OPT1 interface and scheduled it.
              I added an allow all rule above this one that allows only "notkids" alias out the door.

              At 10:00 PM, the first night it was implemented, I heard "Dad, the internet is broken!" when the screaming animes finally abated.

              You could do the same thing on your LAN interface.

              A number of your rules look to be redundant. I would suggest simplifying your LAN rules.


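The rule ordering discussed in this thread, as an added example that is not part of any post: a small Python model of top-down, first-match rule evaluation with schedules, comparing the layout from the first post with the one almabes describes. The addresses, alias contents, the 22:00-24:00 block window and every rule label except "LAN to WAN" are constructed assumptions; the model treats a scheduled rule outside its window as absent and ends with a default deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed addresses and alias contents; nothing here comes from the thread.
ALIASES = {
    "any": ["0.0.0.0/0"],
    "kids": ["192.168.1.50/32", "192.168.1.51/32"],
    "notkids": ["192.168.1.10/32", "192.168.1.11/32"],
}

@dataclass
class Rule:
    action: str                                  # "pass" or "block"
    source: str                                  # alias name used as the rule's source
    schedule: Optional[Tuple[int, int]] = None   # active hours [start, end), None = always
    label: str = ""

def active(rule, hour):
    """An unscheduled rule is always active; a scheduled one only inside its window."""
    return rule.schedule is None or rule.schedule[0] <= hour < rule.schedule[1]

def evaluate(rules, src, hour):
    """Top-down, first match wins; no match falls through to the default deny."""
    for rule in rules:
        if not active(rule, hour):
            continue  # assumption: an inactive scheduled rule is simply skipped
        if any(ip_address(src) in ip_network(n) for n in ALIASES[rule.source]):
            return rule.action, rule.label
    return "block", "default deny"

# Layout from the first post: scheduled block rules below the "LAN to WAN" pass rule.
blocks_at_bottom = [
    Rule("pass", "any", label="LAN to WAN"),
    Rule("block", "kids", schedule=(22, 24), label="kids bedtime block"),
]

# Layout from almabes's post: pass "notkids" first, then a scheduled allow-all (6a-10p).
scheduled_allow = [
    Rule("pass", "notkids", label="notkids always"),
    Rule("pass", "any", schedule=(6, 22), label="allow all 6a-10p"),
]

KID, PARENT = "192.168.1.50", "192.168.1.10"
if __name__ == "__main__":
    for name, rules in (("blocks at bottom", blocks_at_bottom), ("scheduled allow", scheduled_allow)):
        for who, ip in (("kid", KID), ("parent", PARENT)):
            print(name, who, "23:00 ->", evaluate(rules, ip, 23))
```

The model covers rule matching for new connections only and does not track existing connection states.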